Security Response Blog

Our security research centers around the world provide unparalleled analysis of and protection from malware, security risks, vulnerabilities, and spam.

Follow Us on Twitter
  • 0
    Updated: Anand Muralidharan 18 Jun 2013 18:30:51 GMT

    Hospitality Spam Takes a New Ride

    Hospitality is the friendly bonding between the guest and host, especially efforts to make the guest feel comfortable. Spammers exploit hospitality events, and the bond between guest and host, with fake promotional offers. We are currently observing an increase in spam messages which exploit hospitality offered by major events, festivals, and concerts. The spam messages invite users to watch the events at entertaining venues happening in different places. Hospitality spam tries to entice users with bogus offers such as the following: Luxury items Fine dining Champagne VIP parking VIP hostess service Gambling Q&A with sports celebrities Large plasma screens   Figure 1. British Grand Prix hospitality spam ...
  • 0
    Created: Anand Muralidharan 13 Jun 2013 18:43:50 GMT

    419 Scammers Eye ICC Champions Trophy 2013

    The International Cricket Council (ICC) Champions Trophy 2013 is currently being held in England and Wales. The group matches are already in progress and the grand finale will be held on June 23. In the past, Symantec observed various spam emails targeting the ICC World T20 and the Cricket World Cup. As expected, we have seen ICC Champions Trophy 2013 scam emails flowing into the Symantec Probe Network. Nigerian scammers have reached out through text based emails, .doc files, and PDF files. Here, the scam message is attached as a .doc file called ICC UPDATE.doc. The email says that the reader has won a brand new Camry Solara worth 85,000 Euro. This is typical of 419 scams. The scam email explains that the winning email address was obtained in a raffle and was sent to the final drawing conducted at...
  • 0
    Created: Ashish Diwakar 11 Jun 2013 04:44:49 GMT

    Phishers Now Target Real Madrid Fans

    Contributor: Avdhoot Patil It seems that targeting football clubs, football celebrities, and football events has become a habit for phishers. They continue their uncivilized activities and in particular single out football. Now, phishers have set their eyes on the Real Madrid Football Club based in Madrid, Spain. Real Madrid is one of the world’s richest football clubs and has a large fan base. Figure. Fake Facebook phishing page featuring Real Madrid and Cristiano Ronaldo.  As we can see in the figure, the phishing page asks users to enter Facebook login...
  • 0
    Created: Anand Muralidharan 10 Jun 2013 20:59:45 GMT

    Scammers Take Advantage of Dance Grand Prix Europe 2013

    Contributor: Vivek Krishnamurthi The International Dance Competition “Dance Grand Prix Europe” is set to begin June 12 and will be hosted in Spain. The purpose of the competition is to showcase all the top dancers from various dance schools and this major event attracts choreographic talent from around the world. Spammers also don’t want to miss this event and the opportunity to circulate a scam.   Figure 1. Dance Grand Prix Europe 2013 spam   To grab the reader’s attention, the spam email reveals some appealing facts about the event along with "only a little fee" required but no additional charges for participation in the event. Clicking the URL will automatically redirect the user to a website containing a bogus...
  • 0
    Created: Anand Muralidharan 10 Jun 2013 13:27:32 GMT

    Beware of Fake Gift Offers for Father’s Day

    A lot of people are counting down the days until they can express their appreciation and love towards their dads by giving them gifts for Father’s Day, which is celebrated on June 16. Last month we published a blog called Spammers Continue to Exploit Mother’s Day, now it’s the turn of Father’s Day, as spam messages have started flowing into the Symantec Probe Network. Most of the spam emails attempt to encourage users to take advantage of product offers, fake surveys, and replica watches. Clicking the URL contained in the spam message automatically redirects the user to a website containing a bogus offer. Figure 1. Gift offer spam ...
  • 0
    Created: alisa_tsai 10 Jun 2013 05:13:30 GMT

    Dragon Boat Festival: Now Driving Away Spam Too

    The Dragon Boat Festival, also known as the Duanwu Festival, is an important traditional holiday that has been celebrated by Chinese people as well as other people in East Asian societies for nearly 2,000 years. It is a day for people to drive away epidemics and evil spirits in summer by holding a series of symbolic activities because in ancient times, summer was considered to be a season of bugs, snakes, and fleas that could cause serious diseases. There are several traditions followed on this day, such as holding a dragon boat race, eating sticky rice dumplings wrapped in bamboo (Zong zi), drinking realgar wine (Xionghuangjiu), and wearing perfumed medicine bags. Many of these activities involve some sort of commercial component—and spammers will never miss a good opportunity to make a profit. This year, the Dragon Boat Festival is going to be celebrated on June 12, 2013. In the lead-up to this...
  • 0
    Updated: Ashish Diwakar 04 Jun 2013 07:20:38 GMT

    Phishers Pretend to Be Turkish Police in Facebook Security Scam

    Contributor: Avdhoot Patil Phishers have continued to focus on social networking sites as a platform for their phishing activities. Symantec is familiar with various phishing campaigns related to social networking. Celebrity promotions, fake applications, recharge airtime, and grand prizes are often used as phishing bait. In a recent example, phishers have used the Turkish Police Force in their phishing attack targeting Turkish Facebook users. The phishing site was hosted on a free Web hosting site. Figure. Phishing site designed to look like an official Turkish Police Web page The phishing site was in Turkish and it stated that it is owned by the General Directorate of Security, Turkey. The phishing page further stated that the Turkish Police has recently observed Facebook account...
  • 0
    Updated: Samir_Patil 23 May 2013 23:14:57 GMT

    Whitewashed Spam – How Antispam Laws Are Helping Spammers

    Contributor: Binny Kuriakose Anonymity disguised as freedom of expression and lack of clear cut laws makes cyberspace murky from a security point of view. Countries are waking up and realizing that there is a need for laws which enable authorities to catch and punish cyberspace miscreants; however, these miscreants are very crafty. Spammers are known to use ingenious methods to peddle spam and lately they have even begun using antispam laws themselves in an effort to spearhead spam attacks. This blog is not about analyzing the effectiveness of antispam laws; it is about how spammers are quoting the laws in emails in order to make the spam look legitimate. There are some “grey area” emails, which fall somewhere between spam and legitimate mail, and sometimes there can be something very inconspicuous in the mail that can tip the balance in the mind of a recipient. Quoting antispam law in the body of the email and claiming that the email...
  • 0
    Created: Samir_Patil 23 May 2013 12:03:44 GMT

    Rise in URL Spam

    Symantec is observing an increase in spam containing URLs. On May 16, URL spam volume increased by 12% from 84% to 96% and since then the URL spam volume fluctuated between 95% and 99%. That means 95% of the spam messages delivered during this period has one or more URLs in it. Figure 1. URL spam message volume During this period, .ru was the most used top-level domain (TLD). As illustrated in Figure 2, it is interesting to note a drop in .ru spam and a simultaneous rise in .com and .pw spam. Over 73% of the URL spam contained the .ru, .com, or .pw TLDs. Figure 2. Top 3 TLDs distribution (last seven days) ...
  • 0
    Created: Mathew Maniyara 23 May 2013 06:03:47 GMT

    Phishers’ New Fake Social Media Apps

    Phishers are trying everything they can to improve their chances of harvesting user credentials. They are known for experimenting with different fake social media applications in a desperate move to lure users. Recently, we found a few examples of some new fake apps. In the first example, the phishing site used an image of a girl along with the Facebook Like button. After clicking the button, users are prompted for their Facebook login credentials in order to “like” the photo. After the credentials are entered, the phishing site acknowledges the login and asks users to click another Like button. The button is placed beside a fake number indicating the number of likes already gained. The phishing site was hosted on servers based in Amsterdam, Netherlands. Figure 1. Facebook Like button...